Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

military bidding fetcher

v0.2.6

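Automated tool for fetching military-industry procurement and tender opportunities. It fetches tender information from 全军武器装备采购信息网 (All-Army Weapons and Equipment Procurement Information Network), 军队采购网 (Military Procurement Network) and 国防科大采购网 (National University of Defense Technology procurement site), filters it, and generates an Excel report. Triggered when the user says "抓取商机" (fetch opportunities), "查新" (check for new items) or "采集招标" (collect tenders).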

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for zhangpengle/military-bidding-fetcher.

Install the skill "military bidding fetcher" (zhangpengle/military-bidding-fetcher) from ClawHub.
Skill page: https://clawhub.ai/zhangpengle/military-bidding-fetcher
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install military-bidding-fetcher

ClawHub CLI

npx clawhub@latest install military-bidding-fetcher

Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description promise a web-scraper for three military procurement sites; included Python files (requests/pandas/openpyxl) implement exactly that. This capability reasonably explains the dependencies and behavior. Minor mismatch: registry metadata lists no required env vars, but SKILL.md and the code describe many optional FETCHER_* environment variables and a .env config file—so the manifest underreports configuration needs.
! Instruction Scope
SKILL.md and code instruct the agent to read configuration from ~/.config/milb-fetcher/.env and ./.env and to write output to a workspace path. The code uses optional proxy configuration (FETCHER_USE_PROXY, FETCHER_PROXY) and may access networked endpoints (the three stated sites). These behaviors are consistent with scraping, but the skill will read user config files in the home directory which might contain unrelated secrets, and the registry did not declare those config paths. The SKILL.md contains an install hint (pip install -e {baseDir}) even though the registry lists no install spec.
Install Mechanism
No remote download or opaque installer is used; the package is a local Python package (pyproject.toml present) and SKILL.md suggests pip install -e {baseDir}. No high-risk download URLs or extract steps seen. Slight inconsistency: the registry reported 'No install spec — instruction-only' while code and SKILL.md indicate a local pip install is intended.
! Credentials
The registry requires no credentials, which aligns with scraper functionality. However the SKILL.md and code expect optional FETCHER_* settings (keywords, exclude lists, high-value keywords, regions, FETCHER_USE_PROXY, FETCHER_PROXY, FETCHER_OUTPUT_DIR) stored in milb_fetcher/.env or ~/.config/milb-fetcher/.env. Reading a ~/.config/.../.env file gives the skill access to any environment-like secrets a user might store there; the ability to proxy requests via FETCHER_PROXY could be abused if a user sets it to an attacker-controlled endpoint. These env/config usages are plausible for the stated purpose but were not declared in registry metadata, which is a proportionality/visibility problem.
Persistence & Privilege
The skill is not always: true and does not request system-wide changes. It writes output to a workspace path and reads its own config files; there is no evidence it modifies other skills or system settings. Autonomous invocation is allowed (default) but not, by itself, an unexplained privilege.
Scan Findings in Context
[no_pre_scan_findings] expected: Static pre-scan reported no injection signals. The code does perform subprocess.run (to get a timestamp) and issues HTTP requests, which are expected for a scraper; absence of regex hits is not proof of safety.
What to consider before installing
This package appears to implement the described scraper, but take these precautions before installing:
1) Review the full fetcher.py (the provided file was truncated) to ensure no hidden network endpoints or data exfiltration paths exist.
2) Check and control any milb_fetcher/.env or ~/.config/milb-fetcher/.env files — do not place API keys or other secrets there unless you trust the author.
3) Avoid setting FETCHER_PROXY to an untrusted proxy (it will route scraped data through that endpoint).
4) Because the owner and homepage are unknown, consider running it in an isolated environment (container/VM) first and monitor network traffic.
5) If you plan to use it in production, request a proper install spec and a vetted source/repository (or maintain your own fork) so you can audit updates.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🕷️ Clawdis
latest: vk978z4h171a9caftd5njwnv0j5848kfz
279 downloads
0 stars
10 versions
Updated 1h ago
v0.2.6
MIT-0

Milb Fetcher

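Automatically fetches tender information from three major military-industry procurement platforms.

Quick start

  • /milb-fetcher → automatically detect the latest available date for each channel and fetch it (default)
  • /milb-fetcher --help → show help information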

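Date selection (choose one of three; auto-detected if not specified)

  • /milb-fetcher --today → fetch today's items
  • /milb-fetcher --yesterday → fetch yesterday's items
  • /milb-fetcher --date 2026-03-23 → fetch a specified date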

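Filter parameters

  • --keywords "关键词1,关键词2" → core keywords
  • --exclude-keywords "排除词1,排除词2" → exclusion keywords
  • --high-value-keywords "高价值词1,高价值词2" → high-value keywords (used for the recommendation rating)
  • --regions "地区1,地区2" → region filter (applies only to 军队采购网, the Military Procurement Network)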

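Output control

  • --output /path/to/file.xlsx → set the output path (default: saved to ~/.openclaw/workspace/military-bidding/军队采购商机汇总_{date}.xlsx)
  • --no-auto-latest → disable automatic detection of the latest date (uses today when no date is specified)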

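Data sources

  • 全军武器装备采购信息网 (All-Army Weapons and Equipment Procurement Information Network)
  • 军队采购网 (Military Procurement Network)
  • 国防科大采购信息网 (National University of Defense Technology procurement information site)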

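Recommendation levels

Assigned automatically based on the FETCHER_HIGH_VALUE_KEYWORDS configuration:

  • : the title matches a high-value keyword
  • : the title matches a core keyword but no high-value keyword
  • : other matching items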

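Filter words

Configured through FETCHER_EXCLUDE_KEYWORDS; entries that match an exclusion keyword are filtered out.

Trigger words

抓取 (fetch), 采集 (collect), 爬虫 (crawler), 查新 (check for new items), 每日商机 (daily opportunities)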

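Configuration file

The configuration file is located at milb_fetcher/.env (a standalone configuration); the following parameters can be set:

| Environment variable | Purpose | Format |
| --- | --- | --- |
| FETCHER_KEYWORDS | Core keywords, comma-separated | 词1,词2,... |
| FETCHER_EXCLUDE_KEYWORDS | Exclusion keywords, comma-separated | 词1,词2,... |
| FETCHER_HIGH_VALUE_KEYWORDS | High-value keywords, comma-separated | 词1,词2,... |
| FETCHER_REGIONS | Regions, comma-separated | 省份1,省份2,... |

To create the configuration file, copy milb_fetcher/.env.example to milb_fetcher/.env and then edit it.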
